A3:2021 | SQL Injection Advanced (3) | Cycubix Docs
Try It! Pulling data from other tables
The input field below is used to get data from a user by their last name. The table is called 'user_data':
Through experimentation you found that this field is susceptible to SQL injection. Now you want to use that knowledge to get the contents of another table.
The table you want to pull data from is:
6.a) Retrieve all data from the table 6.b) When you have figured it out…. What is Dave’s password?
Note: There are multiple ways to solve this Assignment. One is by using a UNION, the other by appending a new SQl statement. Maybe you can find both of them.
Solution
In the hints of the exercise, it is stated that we should use the
UNIONcommand. This commend requires that both SELECT statements involved return the same number of columns with compatible data types in the same order.When we select the user_data table we notice that there are more columns than the user_system_data table.
Because of the difference in the columns, we will concatenate the two statements and select userid, user_name, password and cookies and create column A, B and 1 from user_systrem_data.
SELECT * FROM user_data WHERE last_name = '' UNION SELECT 1, user_name, password, cookie, 'A', 'B', 1 from user_system_data;--'
We do this to have the same amount of columns than the user_data table. If a column needs a String you could substitute something like 'a String' for it. For integers you could substitute a 1.
You will be able to retrieve the data from all users and Dave's password.
How do we know that Dave's password is "passWorD"?, because from our Query we can follow the order or the values: user_name, password, cookie, etc.
Last updated
